 So now we'll look at some real ciphers and we'll first distinguish between two different variants. We're focusing on symmetric key encryption. Both sides use the same key. We'll talk about what is a block cipher versus an alternative, a stream cipher, and then we'll go through in detail a particular cipher which was very popular, no longer used today but the concepts are still applied called DES, the data encryption standard. First we'll get today, I think we'll get through some of the principles, maybe introduce DES. First of symmetric key encryption ciphers, there are two variants, stream and block. So let's just mention the difference between stream and block ciphers. That is primarily about the size of information we encrypt at a time. In both cases when we encrypt we take our plain text and we split it into chunks and we encrypt a chunk at a time. We don't encrypt it all at once. We say take a sequence of bits, encrypt that, and then the next sequence of bits and encrypt that. And the difference between stream and block ciphers is really the length of that sequence of bits or bytes that we encrypt at a time. A stream cipher encrypts a stream of data, usually one bit or one byte at a time. So if I have, when we talk about a stream we often think about continuously generated data. Think of a real time application, someone's talking in a voice call with someone across the network and you want that voice as it's sent, as is binary across the network, to be encrypted. So as you talk normally the bits representing your voice may be encoded with PCM as sent across the network but if we want to encrypt that as we generate those bits we encrypt them and then send them. So we're generating a stream of bits continuously as we talk. So one example of stream ciphers is to encrypt that real time stream of bits but one bit or more typically one byte at a time. So let's say an application generates a stream of bits, continuous, every byte is encrypted and then sent or encrypted and then the next byte is encrypted. We'll see a block cipher is similar but it encrypts larger chunks at a time and it results in different types of algorithms. Stream ciphers need to be fast normally. Think of real time applications, streaming voice or streaming some video across the network. There should be very small delay from when you generate the data until when it's received at the other end point. So you don't want to have to wait a long time to encrypt that data. So that's where stream ciphers become useful. What they do is they encrypt one byte at a time and the typical way they do it is using XOR, the diagram down the bottom. The plain text comes in, say a byte of plain text, eight bits. To encrypt we XOR that plain text with a random sequence of bits. Where we have some algorithm, a bit stream generation algorithm or just a random number generator that generates this what's called cryptographic bit stream but think of it a random sequence of bits is XORed with a plain text. What's this? XOR, one time pad. Effectively we've got the one time pad here. Plain text XOR with a random stream of bits is our definition of the one time pad. But in practice usually the random sequence of bits is not truly random. It repeats over time. That is maybe we have a million bits which appear random but then we come back and repeat those same million bits again and keep repeating. So it's not truly random therefore it doesn't become the one time pad it's closer to the vision air cipher in that principle of repeating keywords. So XOR in terms of implementation is very fast in computer hardware and that makes encryption very fast. All we need to do is generate random numbers. And there are some fast algorithms for generating random numbers. We'll see some in a later topic. How do you decrypt XOR? Check exclusive OR if you encrypt something and if you take a sequence of bits XOR it with a sequence of bits this k i here and you get cipher text. If you take that cipher text and XOR it with the original k i you'll get the original plain text. So XOR is its own inverse. So in fact encryption and decryption is the same and again that's easy for implementations to encrypt something or decrypt something you use the same implementation the same algorithm. So very simple to implement. You just need some way to generate random bits typically used for encrypting data in real time as we need to send it. We may see some examples of an algorithm or a couple of algorithms of that later. What we're going to focus on is the other one block ciphers because they're in fact more widely used. Instead of encrypting a byte at a time we encrypt typically a block of 64 or 128 bits at a time. Not much difference 8 bytes or 16 bytes but it turns out the algorithms are much different. They can be slower although current algorithms and current hardware are not much slower but they don't depend upon random numbers and random numbers are hard to generate in some cases. So that's the advantage of block ciphers. The way we view a block cipher is we have a b bits of plain text say 64 bits of plain text and we take a key we have some complex encryption algorithm you'll see complex as we go through some examples and the output is a b bit cipher text 64 bits in the example. What if we have plain text of length larger than b what do we do let's say b is 64 bits or 8 bytes and I have 640 bits to encrypt I have a 640 bit file to encrypt what do I do I just break my plain text 640 bits into 10 blocks encrypt each block at a time and a simple way is then to join the cipher text block that comes out concatenate them together to get the resulting cipher text. So all block ciphers we just operate on a small part at a time to operate on an input which is larger there are ways to combine the output and in a later topic we'll see that they are called modes of operation and that comes up later how to combine block ciphers are typically used for encrypting files okay there's they're not it doesn't need to be encrypted in real time and in fact nowadays also can be used for streaming data because the implementations are becoming so fast that with block ciphers it's not much slower than a stream cipher so let's focus on block ciphers we take b bits in and we get b bits out and the b bits that we get out should be a random okay that is that's what we're like in our cipher text so that no one can determine the original plain text plus some other properties that we'll see one of those properties of this block cipher is that we need reversible mappings the cipher essentially essentially takes a sequence of plain text bits and produces a same length sequence of cipher text it maps one sequence of bits to another sequence that mapping must be reversible and the two tables show an example of a reversible and an irreversible mapping for example let's say we have two bits of plain text a two bit block there are four possible plain text inputs zero zero through to one one an example mapping that is reversible is that our cipher maps zero zero to one one it maps zero one to one zero and so on for the last two rows so that's just an example mapping of plain text to cipher text it's reversible because given the cipher text we can uniquely identify the plain text if the cipher text is one one I can decrypt and find out that the plain text will be zero zero if the cipher text is zero zero I know when I decrypt it must correspond to plain text one zero it's reversible irreversible would be this example we map the plain text values to this combination of cipher text the problem if my cipher text is zero one and I want to decrypt what is the plain text anyone well we don't know if the cipher text I have is zero one and I decrypt the plain text could have been either one zero or one one so this is not reversible and we need a block cipher to be reversible so that we can get the original plain text out so a simple property is that our block cipher must be reversible otherwise we can't decrypt now something about how many possible mappings are there for a particular block cipher let's say we have two bit blocks like in this example so in this case two bits come in we have some algorithm that maps it to two bits of cipher text the algorithm provides that mapping that defines the mapping and the key tells us which mapping to use so the table I show here is one particular mapping I could have chosen a different mapping that is I could have chosen zero zero to one zero zero one to one one one zero to zero zero one one to zero one that would be a different mapping and when I encrypt my plain text I would get different ciphertext as output so that corresponds to a different key how many possible mappings are there in this example here's one of them so here's one possible mapping how many others are there anyone can count them I've got an example that shows and lists them all and you've got it in your handout let's have a look I think it's included in your printed handouts and bring it up I think this is printed on just that towards the end I hope so otherwise you have to look on the screen it's an example of a two bit block cipher that's the one we looked at before yep it's there somewhere correct yeah so this lists all the possible mappings that is on the left column here with two bits plain text there are four possible plain text inputs zero zero through to one one and my cipher can produce different possible mappings to ciphertext so I've listed them all there's 24 you can see take plain text so the first column is the plain text the next 12 columns are the ciphertext for a particular mapping so if I take plain text zero zero one mapping produces zero zero as output if I take plain text zero one it produces zero one as output and so on so that's one possible mapping not a very good one but it's possible not good because it's the identical to the plain text another mapping is this second column here under K2 so if I encrypted one zero the ciphertext would be one one and I list all possible mappings 24 it's only it's all possible arrangements of those four values there are 24 possible permutations of those four values that's all we've done here just any ordering of those four values and we get 24 which is what four factorial so if we had three bits there are eight possible plain text they with three bits block there are eight possible plain text so it would list eight here from zero zero zero through to one one one and the number of possible mappings would be eight factorial whatever that value that is that's the number of permutations and we can think of each mapping as identifying a key so what happens with a block cipher is when I want to encrypt something I choose one of those mappings or I choose a key so let's say I want to encrypt using key seven I take my plain text if my plain text is zero one and I want to use key seven then the cipher text will be zero zero if I had different plain text such as one one using the same key the cipher text would be one one if I change the key to key 14 for example plain text zero one would map to one one one one would map to one zero okay so the key specifies which mapping to use and this gives us all possible mappings in effect in in effect 24 possible keys in this cipher we can think of the key so remember one of the problems is that if a chooses the key seven they need to tell be what that key is a simple way to think of the key is I tell you what mapping to use okay I tell you before I send the encrypted information I somehow tell you that let's use the mapping and the ordering is zero one zero zero one zero one one okay you know that that means zero zero will map to zero one zero one to zero zero and so on so I tell you that mapping when I send you cipher text one zero then you know if you receive cipher text one zero we're using key seven the plain text must have been one zero so there are 24 possible keys and a simple view of the keys is to specify what mapping to use so we could say key one could be written as zero zero zero one one zero one one that should be K2 here here or K2 could be no it's not I need to check that one K2 would be zero zero zero one one one one zero that would be the key what's the length of the key how many bits the key in this case I could write it as a sequence of eight bits those actual bits used in the mapping that's one way to write the key K1 is this sequence of eight bits zero zero zero one one one one zero I think there's a one down the below below that shows that so this is one way to implement a block cipher just allow every possible permutation of the plain text values where each permutation is selected by a key this is called an ideal block cipher how many possible permutations or transformations to the power of n factorial where n is the number of bits of plain text in our case we had n equal to 2 and n bit block cipher takes n bits of plain text produces n bits of cipher text if we have a two bit block cipher there are four possible plain text blocks and 24 possible permutations or transformations if we have a 64 bit block cipher we have two to the power of 64 possible plain text blocks which is what four billion billion or something and the number of possible permutations is four billion billion factorial and you cannot calculate that okay for factorial that's such a large number is is too hard to calculate or I don't have a calculator do it very many okay now the that's good the more transformation the better but it turns out in practice that means that the key must be very large with so many possible keys the number of possible keys or the number of possible transformations is two to the power of 64 factorial to represent or store that key requires a large amount of space and that is a practical problem that we have to deal with we want to make the key shorter so that somehow I can write it down and give it to you or we can distribute it in a efficient manner so an ideal block cipher we just saw it maps an n bit input to two to the power of n possible input states the best way to understand that is through this example this is an ideal block cipher where n is two it maps a two bit input to one of the possible output states the problem with ideal block ciphers is that they're good for security but if we use a large block and is a 64 bits then it means there are 64 to the power of 64 factorial and possible keys and if you try and represent that number of keys in a binary number the key is very very large and we cannot distribute that key very well so with large keys implementations are usually slow and that distributing them is a problem so using a large block requires a large key which is not practical so the idea then is to use a small block but it turns out and we'll see through some examples using a small block like two bits it's very easy to break so what we need is a large block like 64 bits but a small key and what we'll see next week is that some people have come up with ways to do that large blocks smaller keys Feistel was one of the earlier people who come up with a structure that does that and we'll see that next week and we'll see it's very common in most ciphers used today that's enough detail